OS Command Injection Vulnerability in Perle IOLAN STS/SCS Terminal Servers
CVE-2026-23759

8.6HIGH

Key Information:

Vendor

Perle Systems

Status
Iolan Sts
Iolan Scs
Vendor
CVE Published:
17 March 2026

What is CVE-2026-23759?

The Perle IOLAN STS/SCS terminal servers running firmware versions prior to 6.0 are susceptible to an OS command injection vulnerability. This security flaw allows authenticated users to exploit the restricted shell accessed via Telnet or SSH. Due to improper argument sanitization in the shell 'ps' command, an attacker can inject shell metacharacters following the 'ps' subcommand. By executing these commands, the attacker may gain root privileges, potentially compromising the entire operating system running on the device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IOLAN SCS 0 < 6.0

IOLAN STS 0 < 6.0

References

https://www.perle.com/downloads/server_sds_sts_rackmount....
product
https://www.perle.com/support_services/documentation_pdfs...
product
https://www.vulncheck.com/advisories/perle-iolan-sts-scs-...
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp.
Omar Crespo, Pentester, GM Sectec, Corp.
VulnCheck
JSON
.